There are many articles about configuring LAMP.
Many of them devote a couple of paragraphs to a brief description of the installation and basic configuration of ProFTPd.
As a rule, this is not enough to organize a normal hosting operation.
The question arises: “How do I configure a specific user’s FTP access to a particular virtual host?”
Virtual FTP users.
For hosting, it is inappropriate to create system accounts for users. It is much more logical to create virtual FTP users.
First of all, you need to determine where we will store their accounts.
ProFTPd has several options, but I will consider only two:
- Alternate user and password file.
- MySQL DBMS.
Note up front that my system is Ubuntu 10.04.
Apache runs as www-data, for which UserId = 33, GroupId = 33.
By default, the logs of the FTP server can be found here: /var/log/proftpd/
In this guide, I will create a user tester to work with the virtual host test.ru.
General configuration of ProFTPd.
Open the ProFTPd config; by default it is located at /etc/proftpd/proftpd.conf.
For security reasons, add the following lines to it:
DefaultRoot ~
ServerIdent on "FTP Server ready."
This is recommended in the official user manual.
The rest can be left by default, as it is.
Storage of virtual users in a text file.
We need the ftp user to be able to edit and delete the files created by the scripts.
Create a new virtual ftp user with login tester, identifier 33, group 33 and home directory /var/www/test.ru.
ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=tester --uid=33 --gid=33 --home=/var/www/test.ru --shell=/bin/false
After executing the command, the system will ask you to enter the user’s password twice.
As a result, we will have a file /etc/proftpd/ftpd.passwd with a record about the user.
By the way, you can change the user's password with the following command:
ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=tester --change-password
Now edit /etc/proftpd/proftpd.conf to connect the virtual user:
RequireValidShell off
AuthUserFile /etc/proftpd/ftpd.passwd
Restart ftp:
/etc/init.d/proftpd restart
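A check of the resulting AuthUserFile, as an added example that is not part of the original article: it reads the passwd(5)-style entries that ftpasswd writes and flags root ids, homes outside the web root (which matter because DefaultRoot ~ jails the session in the home directory), real login shells, empty passwords, and a file mode other than the 440 this page asks for. The WEB_ROOT variable, the function names and the sample entries are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: audit a ProFTPD AuthUserFile (passwd(5) layout, as written by ftpasswd).
# WEB_ROOT is an assumption of this sketch: every virtual home must sit below it.
WEB_ROOT="${WEB_ROOT:-/var/www}"

# Prints one finding per line; returns 0 when the file is clean, 1 otherwise.
audit_authuserfile() {
    file=$1
    [ -r "$file" ] || { echo "$file: not readable"; return 1; }
    findings=$(awk -F: -v root="$WEB_ROOT" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        NF != 7 { print "line " NR ": expected 7 fields, got " NF; next }
        {
            user = $1; hash = $2; uid = $3; gid = $4; home = $6; shell = $7
            if (seen[user]++) print user ": duplicate login"
            if (hash == "") print user ": empty password field"
            else if (hash !~ /^\$[0-9a-z]+\$/ && length(hash) != 13)
                print user ": password field is not a crypt(3) hash"
            if (uid !~ /^[0-9]+$/ || gid !~ /^[0-9]+$/)
                print user ": uid/gid is not numeric"
            else if (uid == 0 || gid == 0)
                print user ": uid/gid 0 maps the FTP user to root"
            # DefaultRoot ~ jails the session in the home directory, so the
            # home field decides what the user can reach.
            h = home; sub(/\/+$/, "", h)
            if (index(h "/", root "/") != 1 || h == root || index(h "/", "/../"))
                print user ": home " home " is not a directory below " root
            if (shell != "/bin/false" && shell != "/usr/sbin/nologin")
                print user ": login shell " shell
        }' "$file")
    # Mode 440 is what the page asks for on the passwd file.
    mode=""
    [ -n "$(find "$file" -prune -perm 440)" ] || mode="$file: mode is not 440"
    [ -z "$findings$mode" ] && return 0
    [ -z "$findings" ] || printf '%s\n' "$findings"
    [ -z "$mode" ] || printf '%s\n' "$mode"
    return 1
}

# Constructed sample (not real accounts): the tester entry plus two bad ones.
write_sample() {
    cat > "$1" <<'EOF'
tester:$1$constructed$0123456789abcdefghijkl:33:33::/var/www/test.ru:/bin/false
admin:$1$constructed$0123456789abcdefghijkl:0:0::/:/bin/bash
guest::33:33::/var/www/../etc:/bin/false
EOF
    chmod 440 "$1"
}
```

Run it as `audit_authuserfile /etc/proftpd/ftpd.passwd`; a non-zero exit status means at least one entry or the file mode needs attention.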
Storage of virtual users in the MySQL database.
To store virtual users in the MySQL database, you need the proftpd-mod-mysql package.
Using PHPMyAdmin or any other convenient tool, create a new database, for example proftpd.
Also create a new user proftpd_user with the password proftpd_password and read rights on this database.
In the database, create one table:
CREATE TABLE `proftpd`.`users` (
`username` VARCHAR( 32 ) NOT NULL ,
`password` VARCHAR( 32 ) NOT NULL ,
`uid` INT NOT NULL ,
`gid` INT NOT NULL ,
`homedir` VARCHAR( 255 ) NOT NULL ,
`shell` VARCHAR( 255 ) NOT NULL ,
UNIQUE (`username`)
) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_general_ci;
And add a record about the user:
INSERT INTO `proftpd`.`users` (`username`, `password`, `uid`, `gid`, `homedir`, `shell`) VALUES (
'tester', 'pass', '33', '33', '/var/www/test.ru', '/bin/false' );
This completes the MySQL configuration.
Now for the configuration of the FTP server.
Edit the file /etc/proftpd/modules.conf and uncomment the lines:
LoadModule mod_sql.c
LoadModule mod_sql_mysql.c
Edit the file /etc/proftpd/proftpd.conf.
We need to add the line
Include /etc/proftpd/sql.conf
Also uncomment or add the line:
AuthOrder mod_sql.c
Bring the file /etc/proftpd/sql.conf to the following form:
<IfModule mod_sql.c>
# Declare that we intend to work with the MySQL DBMS
SQLBackend mysql
SQLEngine on
# Passwords in the database are stored in plaintext
SQLAuthTypes Plaintext
# Connect to the proftpd database as the user proftpd_user with the password proftpd_password
SQLConnectInfo proftpd@localhost proftpd_user proftpd_password
# Select data from the users table
SQLUserInfo users username password uid gid homedir shell
# Authenticate users from this table
SQLAuthenticate users*
# By default, the user's minimum UserID and GroupID = 999
SQLMinUserUID 33
SQLMinUserGID 33
# Write logs while debugging
SQLLogFile /var/log/proftpd/sql.log
</IfModule>
Restart ftp:
/etc/init.d/proftpd restart
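A review of that sql.conf from the defender's side, as an added example that is not part of the original article: it flags SQLAuthTypes Plaintext (anyone who can read the users table reads every FTP password; a hashed type such as Crypt avoids that), a SQLLogFile left on after debugging, minimum ids that would admit root, and a world-readable file holding the database password. The function names and the 644 file mode of the sample are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: lint a mod_sql config file for the settings this guide relies on.
# Prints one finding per line; returns 0 when nothing is flagged, 1 otherwise.
lint_sql_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "$conf: not readable"; return 1; }
    findings=$(awk '
        /^[ \t]*#/ || NF == 0 { next }              # comments and blank lines
        { key = tolower($1) }
        key == "sqlauthtypes" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == "plaintext")
                    print "line " NR ": SQLAuthTypes accepts Plaintext (cleartext password column)"
        }
        key == "sqllogfile" { print "line " NR ": SQLLogFile " $2 " left on after debugging" }
        (key == "sqlminuseruid" || key == "sqlminusergid") && $2 + 0 < 1 {
            print "line " NR ": " $1 " " $2 " accepts rows with id 0 (root)"
        }' "$conf")
    # SQLConnectInfo with three arguments carries the database password.
    perm=""
    if grep -Eiq '^[[:space:]]*SQLConnectInfo([[:space:]]+[^[:space:]]+){3}' "$conf" &&
       [ -n "$(find "$conf" -prune -perm -004)" ]; then
        perm="$conf: contains the database password and is world-readable"
    fi
    [ -z "$findings$perm" ] && return 0
    [ -z "$findings" ] || printf '%s\n' "$findings"
    [ -z "$perm" ] || printf '%s\n' "$perm"
    return 1
}

# The sql.conf from this page, written world-readable (constructed file mode).
write_sample_conf() {
    cat > "$1" <<'EOF'
<IfModule mod_sql.c>
SQLBackend mysql
SQLEngine on
SQLAuthTypes Plaintext
SQLConnectInfo proftpd@localhost proftpd_user proftpd_password
SQLUserInfo users username password uid gid homedir shell
SQLAuthenticate users*
SQLMinUserUID 33
SQLMinUserGID 33
SQLLogFile /var/log/proftpd/sql.log
</IfModule>
EOF
    chmod 644 "$1"
}
```

Switching to a hashed SQLAuthTypes value also means widening the password column, since VARCHAR(32) is too short for current crypt(3) hashes.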
Configuring ftp-users' access to the directories
Change the owner of the directory /var/www/test.ru:
chown www-data:www-data /var/www/test.ru
Set permissions on the directory, otherwise we’ll get a permission denied error:
chmod 775 /var/www/test.ru
Now, virtual users can create, edit and delete files and folders.
In general, you need to add the lines to proftpd.conf:
You also need to set permissions of 440 on the passwd and group files, and also make their owner proftpd and root.
The ready conf looks like this:
There is a bug in the file /etc/init.d/proftpd: with the restart command the service does not restart, and as a result of log rotation it hangs. For normal operation you need to replace the line
start-stop-daemon --stop --signal $SIGNAL --quiet --pidfile "$PIDFILE"
with
start-stop-daemon --stop --signal $SIGNAL --retry 1 --quiet --pidfile "$PIDFILE"